Cyber Attack of UAC-0098 Group on Critical Infrastructure Facilities of Ukraine (CERT-UA # 4842)
A malicious document, «Imposition of penalties.docx», has been detected; when opened, it loads an HTML file and executes JavaScript code (CVE-2022-30190), which downloads and runs the malicious program Cobalt Strike Beacon (compilation date: 16.06.2022). In cooperation with the subject of coordination, it was found that the DOCX document was contained in the password-protected archive «Imposition of Penalty Sanctions.zip», which, in turn, was distributed by e-mail, allegedly on behalf of the State Tax Service of Ukraine (subject of the letter: «Notice of non-payment of tax»). The activity is persistent and is tracked under the identifier UAC-0098 [1].
Ukraine Seeks to Join the Program of Development of Modern Technologies «Digital Europe»
At the meeting on June 17, the government approved a delegation for negotiations between Ukraine and the EU on participation in the Digital Europe program. This was announced by Prime Minister Denis Shmygal. The head of government noted that «Digital Europe» is a large-scale project worth 7.5 billion euros, which funds research and programs in the field of artificial intelligence, cybersecurity, digital skills and more. According to him, participation in the program will accelerate Ukraine’s «digital visa-free travel» with the EU. «We want to be part of Digital Europe, which will open up even more opportunities for our country and citizens to develop and realize their talents,» said Denis Shmygal [2].
The Cybersecurity Consortium Will Appear in russia
Due to the intensification of hacker attacks on russia’s IT infrastructure in late February after the start of the war in Ukraine, russia’s largest information security companies plan to join forces to develop joint solutions within a new consortium. The idea was put forward by the founder of Positive Technologies, Yuri Maksimov, who may be joined by Kaspersky Lab, R-Vision, specialized divisions of russian Railways, Rosatom and others. «We are joining forces to systematically improve the industry to create a product with which one state will not be able to cause unacceptable harm to another in the event of a cyber conflict,» Maksimov said. The initiative was supported by the Ministry of Finance. During the SPIEF, the head of the department, Maksut Shadayev, noted that the cybersecurity industry is experiencing «certain difficulties» as orders increase, companies start testing infrastructure, and demand for pentests and Bug Bounty increases. He stressed that the project is commercial, not public, and that the consortium will «optimize forces» [3].
The Presidential Adviser Compared the Cyber Attacks on SPIEF with the Bombing of Stalingrad
Adviser to the President of the russian federation, Executive Secretary of the SPIEF Organizing Committee Anton Kobyakov spoke about the DDoS attacks that affected the forum site. «We were bombed, like Stalingrad by the Nazis, by these DDoS attacks. But we have coped with this and now we know how they work,» Kobyakov said. According to him, the attacks were carried out with a capacity of 140 Gigabits per second from addresses in the United States, Colombia, Ukraine, Thailand and Bangladesh. He assured that the protection will be strengthened and that in the future the organizers will be better prepared for such situations. Kobyakov stressed that 15 million packets per second is a serious attack. Since the beginning of the special operation in Ukraine, the number of DDoS attacks on russian organizations has increased many times. In March alone, an eightfold increase was recorded. Most attacks were carried out on banks (35%), followed by government agencies (a third of attacks), educational institutions (almost every tenth, 9%) and the media (3%) [4].
Unknown Hackers Carried out a Large-scale Cyber Attack on the Website of the Ministry of Defense of the Slovak Republic on the Night of June 17
«On the night of Thursday to Friday, the website of the Ministry of Defense of the Slovak Republic was subjected to a large-scale cyber attack. However, thanks to the Center for Cyber Defense of Military Intelligence, the attackers did not receive any information,» said the head of the Slovak Ministry of Defense Jaroslav Nagy. Nagy also confirmed that this rather large attack was repulsed without damaging the infrastructure, and the attackers, whose IP addresses were in different parts of the world, did not receive anything. «However, this confirms the need to further strengthen cybersecurity in the country. The incident is currently being investigated,» he said [5].